Login with Lightning
Lightning strikes. Image by skyseeker via flickr.com. License: Creative Commons
LSATs are supposed to bring pseudonymous registrations to the Lightning network. Bitcoin is catching up with something that has long been standard with many other cryptocurrencies – but here and there is still far from reaching a mass reach.
One of the big problems on the Internet is the login and the associated accounts. Most websites now require registration, and those who are logged in to many sites easily lose track and increase the risk of falling victim to data theft. This is usually remedied by logging in with a central account – for example from Google or Facebook – but this increases the already dramatic dependency on these siren servers.
Blockchain technology has long promised decentralized registration using “Bitcoin” or a token: a system in which a Bitcoin address can become an account for everything without the need for a middleman to access it Accounts controlled. For Ethereum and Bitcoin Cash, there is already a Metamask or Badger Wallet, a browser plug-in from the same family. With a button on a website, users can sign messages in order to log in to the website. An example of how well this works can be found on Lazy Fox (Bitcoin Cash) or the many decentralized exchanges (Ethereum). Bitcoin SV (BSV) also has such a solution with Moneybutton, although only semi-decentralized, but also with the option of encrypting data. You can find examples of logins with MoneyButton on Twetch or Baemail.
With LSATs, this should now be possible for Bitcoin – of course through the Lightning network. It was jointly developed by Tieron and Lightning Labs. The “Lightning Service Authentication Token (LSATs)” are intended to enable users to authenticate themselves on various sites and services. This is done through a combination of a micro-payment and authentication header. Tieron recently released a collection of tools for Lightning authentication. This is the Boltwall, the Now-Boltwall, LSAT-js and LSAT Playground.
The path to this result was exciting. Tierion began 2019 to work on a solution for Lightning PayWalls, the so-called Boltwall. This initially used Lightning's Macaroons to receive a payment request and shutdown the PayWall when the payment request was paid. Oloaluwa Osuntokun, CTO of Lightning Labs, then suggested introducing “Lightning Service Authentication Tokens”. This was an excellent match with the Boltwall, which is why Tieron set out to develop an LSAT standard together with Lightning Labs.
The specific technical process of the LSATs also includes macaroons, requests for payment, proof of payment, hashes, preimages and more. If a user goes to a protected page without being authenticated, the server replies with the message “402: Payment required”. The message also contains an Authenticate Header, with which a Macaroon and an Invoice correspond. After the user has paid, he receives a preimage with 32 byte, which he melts together with the Authenticate Header into a token, with which he can then use it can register.
For Tierion, the LSATs are just one (important) step towards a larger vision: that of real-time cash flows between machines. Such micro and nano payments in the background of the web experience that take place between browser and server have become a core of Lightning's vision. The LSATs could help users to log in privately or pseudonymously in order to authorize such payment flows.
In addition, those who use the LSATs on their website must of course also have a Lightning server to accept payments. This should also not make the application attractive for most providers.
Looking beyond these restrictions, Bitcoin with the LSATs fits into a cryptocurrency trend that is more than gratifying. There are good signs that in a few years you will no longer have to manage your online accounts through central middlemen or dozens of registrations, but by logging in with your own and private key. Which of the options that crypto offers will prevail less likely to depend on the technology behind it, but on which one succeeds first in building up a certain mass reach. And every form of login through crypto is still a long way off.